
Domain AD on Windows 2008 R2, Linux server Alfresco 3.4c, Windows 7 client. I'm trying to get automatically logged into Alfresco from the Windows 7 client.

I've looked with wireshark to see what happens:
1. Client goes to /alfresco
2. Server sends Redirect to page
3. Client goes to Redirected page
4. Server sends a WWW-Authenticate: Negotiate header
5. Client DOES NOT respond to this

How can I configure the Windows 7 client (or the AD domain) so that the client will in fact engage with the SPNEGO protocol, instead of just asking for user credentials? (The user is logged in through Kerberos in the domain.)

Edit: I don't know if this is related, but when logging off/on it seems there is no more traffic between client and AD, while I would think it should at least check the credentials (since the Windows 7 client should be in the domain).

Also, IE has the server in local sites.

Someone mentioned that there is a klist command on windows-7.

Maarten

2 Answers


For IE 6-8 you need to have the site(s) in Options -> Security -> Local intranet -> Sites.

For Firefox, go to about:config, filter on network.negotiate-auth.trusted-uris, and change it to .youdomain.tld, .youseconddomain.tld

Edit: Also make sure the DNS pointer is an A record and not a CNAME, as Windows, believe it or not (at least in my experience), then provides a Kerberos ticket for the final A pointer.

Kerbtray is a useful tool for debugging the client side.

Assuming you use Apache as the web server, setting loglevel debug in your vhost conf might give you a clue to what is/isn't happening.

Mark
  • I'm using the Windows DNS service itself, and it's an A record. I'm not using Apache, but connecting to the bundled Tomcat at port 8080 directly. I'm using Wireshark to see what is happening, but I'll take a look at this Kerbtray thing. – Maarten Mar 03 '11 at 09:54
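
Added example, not part of the original posts: a small Python helper for reading a capture like the one in the question. It reports whether the client answered the `WWW-Authenticate: Negotiate` challenge at all and, if it did, whether the token is Kerberos or an NTLM fallback. The function names, host name and sample tokens are constructed for illustration, and the OID matching is a byte-level heuristic rather than a full ASN.1 parser.

```python
import base64

# DER-encoded OID values (heuristic byte matching, not a full ASN.1 parser).
SPNEGO_OID = bytes.fromhex("2b0601050502")          # 1.3.6.1.5.5.2
KRB5_OIDS = (bytes.fromhex("2a864886f712010202"),   # 1.2.840.113554.1.2.2
             bytes.fromhex("2a864882f712010202"))   # 1.2.840.48018.1.2.2
NTLMSSP = b"NTLMSSP\x00"

def classify_token(b64_token):
    """Classify the blob from an 'Authorization: Negotiate <blob>' header."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "malformed"
    if raw.startswith(NTLMSSP):
        return "ntlm"                    # raw NTLM: no Kerberos ticket was sent
    if raw[:1] != b"\x60":               # GSS-API initial context token tag
        return "unknown"
    if NTLMSSP in raw:
        return "ntlm"                    # NTLM wrapped inside SPNEGO
    if any(oid in raw for oid in KRB5_OIDS):
        return "kerberos"
    return "spnego-other" if SPNEGO_OID in raw[:16] else "unknown"

def diagnose(messages):
    """messages: (sender, headers) tuples in capture order."""
    offered = False
    for sender, headers in messages:
        h = {k.lower(): v for k, v in headers.items()}
        if sender == "server" and h.get("www-authenticate", "").lower().startswith("negotiate"):
            offered = True
        elif sender == "client" and offered:
            scheme, _, blob = h.get("authorization", "").partition(" ")
            if scheme.lower() == "negotiate":
                return "client answered: " + classify_token(blob.strip())
    return "offered, no client token" if offered else "negotiate never offered"

# Constructed sample tokens (truncated, not real tickets).
NTLM_SAMPLE = base64.b64encode(NTLMSSP + b"\x01\x00\x00\x00" + bytes(8)).decode()
KRB_SAMPLE = base64.b64encode(
    b"\x60\x30\x06\x06" + SPNEGO_OID + b"\xa0\x26\x30\x24\xa0\x0d\x30\x0b\x06\x09"
    + KRB5_OIDS[0] + bytes(16)).decode()

# Constructed capture matching the five steps in the question.
REQ = ("client", {"Host": "alfresco.example.test:8080"})  # no Authorization header
QUESTION_CAPTURE = [REQ, ("server", {"Location": "/redirected"}), REQ,
                    ("server", {"WWW-Authenticate": "Negotiate"}), REQ]
print(diagnose(QUESTION_CAPTURE))
```

A result of "offered, no client token" points at the browser-side settings discussed in the answer above, while an "ntlm" result means the client did respond but without a Kerberos service ticket.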

Apparently there was too much fiddling done with the AD and the Windows 7 client; I reinstalled both and redid the keytabs, and now it works for both HTTP and CIFS.

Maarten
  • Hum. In such a case, there is a high chance your SPN has been set on multiple service accounts. The `setspn -X` command is here to help detect such troubles, and then fix them with `setspn -d` – Yves Martin Nov 20 '14 at 16:03